By Tom Farrar
On September 15, 2008, top US investment bank Lehman Brothers filed for Chapter 11 bankruptcy protection. Founded in 1850, Lehman Brothers achieved record net revenues, net income and earnings per common share in 2007, for the fourth consecutive year. In less than one year Lehman Brothers saw that once-record net revenue plunge to $6 billion in the red. The question isn’t how a mammoth organisation such as Lehman Brothers finds itself in this position but, in the current climate where seemingly financially stable firms are filing for bankruptcy, who is your business safe with?
Many businesses outsource their IT for various reasons: cost savings, operational expertise and capacity management, to name a few. Outsourcing firms also often offer other services, such as business continuity planning and disaster recovery plans. Replication between multiple data centres, redundant links, work space relocation, ISO 27001 and BS 7799 are all good, but what happens when the company providing that service ceases to trade? Read the rest of this entry »
November 6th, 2008 | Posted in Business Continuity Policy, Security Policies | No Comments
By Sam Miller
With the advent of personal computers and the Internet, valuable information has never been more at risk. Hackers and others who try to infiltrate a computer system, or who obtain information manually through “spies”, are threats you need to watch out for when securing your data. That is reason enough to check how your security controls perform and to put in place the procedures needed to keep your confidential data safe.
Why do data breaches happen? There are five main reasons why this happens in some companies. Data breaches happen because of (1) a significant error that occurred in the system, (2) hacking and intrusions, (3) the introduction of malicious code, (4) the exploitation of a vulnerability, and (5) Read the rest of this entry »
October 29th, 2008 | Posted in Security Policies | No Comments
By Andrew Winthorp
With many individuals and businesses connecting to the internet using wireless devices, and the reported cases of security breaches and identity theft, having an awareness of wireless security measures to improve system security is a must. Many wireless users simply do not know that they are open and exposed to system penetration and bandwidth theft. Here are several suggestions to prevent your system from becoming an open wireless hotspot for others.
(i) Change the password on your router. All routers come with preset passwords and service identifiers (SSIDs), and attackers are familiar with these defaults. You should change the password to something Read the rest of this entry »
October 25th, 2008 | Posted in Security Standards, Wireless Security Standard | No Comments
By Andy Peter Roberts
Few companies would argue about the value of a comprehensive Disaster Recovery plan that covers all areas of the business and holds the key to successfully resuming day-to-day business activity should the worst happen.
Most businesses would be pretty unlucky to suffer major downtime due to things like fire, flood or theft. Terrorism generates a huge number of column inches, and the effects of something like 9/11 are truly devastating; however, even in the current climate these occurrences are thankfully few and far between.
What is more likely to happen is an email server failure, a corrupt database or the network being compromised by a virus. Guarding against this type of outage should be Read the rest of this entry »
October 21st, 2008 | Posted in Disaster Recovery Policy, Security Policies | No Comments
The SANS Security Policy Project has a great collection of free security policies, security awareness posters and other great resources.
Security policies and posters you can download include:
- Clean Desk Policy
- Mobile Device Encryption Policy
- Workstation Security Policy
- Software Installation Policy
- Server Malware Protection Policy
Plus there are lots more policies you can download.
Check it out!
October 19th, 2008 | Posted in Security Policies | No Comments
By Raheel Ahmad
WARNING:
The information provided is for educational purposes only and is not to be used for malicious purposes.
Before digging into what SQL injection actually is, let me explain what SQL itself is.
What is SQL?
Structured Query Language (SQL) is a specialized programming language for sending queries to databases. Most small and industrial-strength database applications can be accessed using SQL statements. SQL is both an ANSI and an ISO standard. However, many database products supporting SQL do so with proprietary extensions to the standard language. Web applications may use user-supplied input to create custom SQL statements for dynamic web page requests.
What is SQL Injection?
SQL injection is a technique that exploits a Read the rest of this entry »
October 15th, 2008 | Posted in Security Policies, Security Standards, Vulnerability Management Policy | 1 Comment
By Amy Nutt
Planning, creating, and building a data centre can be one of the most expensive tasks an IT director can face. In order to maximize cost effectiveness and achieve optimum performance, reliability is key.
Data centre size can range from one room in an office to an entire building, but there are some basic requirements which must be implemented to ensure system reliability. When designing a data centre, efficient planning is very important. A number of areas must be addressed to ensure a dependable and efficient system which is capable of continued operation.
Understand the potential causes of failure
There are a number of areas cited as the most common causes of data centre failure: Read the rest of this entry »
October 14th, 2008 | Posted in Business Continuity Policy, Disaster Recovery Policy, Security Policies | 1 Comment
In breaking news directly related to data security policies, FoxNews is reporting that the World Bank has suffered possibly “the worst security breach ever at a global financial institution”:
The World Bank Group’s computer network — one of the largest repositories of sensitive data about the economies of every nation — has been raided repeatedly by outsiders for more than a year, FOX News has learned.
It is still not known how much information was stolen. But sources inside the bank confirm that servers in the institution’s highly-restricted treasury unit were deeply penetrated with spy software last April. Invaders also had full access to the rest of the bank’s network for nearly a month in June and July.
In total, at least six major intrusions — two of them using the same group of IP addresses originating from China — have been detected at the World Bank since the summer of 2007, with the most recent breach occurring just last month.
While it remains unclear how much data has been pilfered from the bank, it’s a lot. According to internal memos, “a minimum of 18 servers have been compromised,” including some of the bank’s most sensitive systems — ranging from the bank’s security and password server to a Human Resources server “that contains scanned images of staff documents.”
One World Bank director tells FOX News that as many as 40 servers have been penetrated, including one that held contract-procurement data.
Despite the gravity of the break-ins, the bank is trying hard to pretend to outsiders it didn’t happen. “There were attempts to hack the bank’s computer systems last summer,” says a World Bank spokesman. “However, there was no compromise of confidential information.”
So if this actually happened, which data security policies could have helped prevent “the worst security breach ever at a global financial institution”?
- Corporate Security Policy
- Incident Response Policy
- Network Security Policy
- Vulnerability Management Policy
Others?
October 12th, 2008 | Posted in Corporate Security Policy, Data Security Policy, Incident Response Policy, Network Security Policy, Security Policies, Vulnerability Management Policy | No Comments
In a breaking news story directly related to data security policies, it sounds like Deloitte had another laptop stolen yesterday, 9 Oct 2008.
Here’s an excerpt from the Computing (UK) article:
A laptop owned by consultancy Deloitte which held information about staff under BSkyB’s pension plan has been stolen, Computing can reveal.
The computer was taken from a Deloitte employee in September at a public place and contained names, dates of birth and salary figures to be used for audit work on the broadcaster’s pension scheme.
BSkyB said the data did not include bank or address details and claimed it is highly unlikely that the information will be mishandled due to the laptop’s reliable data security set-up.
“The laptop was protected by a number of security measures, including passwords, user IDs and encryption of the majority of the information, so we are confident that the risk of data access or misuse is low,” said a BSkyB spokeswoman.
The fact that the spokeswoman says they used encryption on “the majority of the information” signals to me that they weren’t using whole-disk encryption, which is a common practice on laptops these days.
I’m sure if they were using full disk encryption they would have been 100% confident that the data was protected and they wouldn’t have had to notify the media about the loss.
What do you think?
October 10th, 2008 | Posted in Data Security Policy, Security Policies, Security Standards | No Comments
By Joe Cole
Combating fraudulent transactions starts with creating and implementing your organization’s data security policy. Consumers expect that eCommerce merchants protect the personal payment information they provide during a transaction and that it will only be used for completing the transaction. They also expect merchants to explain the measures and procedures they have put in place to keep sensitive account data safe. To address your customers’ expectations and to prevent fraudulent activities, eCommerce merchants should Read the rest of this entry »
June 9th, 2008 | Posted in Security Policies, Security Standards | No Comments